How does mvn --encrypt-master-password work?

前端 未结 1 1623
猫巷女王i
猫巷女王i 2021-01-05 07:04

I would like to know the algorithm or technique used by this command (mvn --encrypt-master-password ). Each time I run it produces a different output. I\'m assuming that it

1条回答
  •  走了就别回头了
    2021-01-05 07:33

    The encryption mechanism is not in the maven codebase per se. It is located on a library called plexus-cipher. It is always on the maven distribution. Mine is on lib/plexus-cipher-1.7.jar being 3.0.5 the maven version.

    The actual cipher is AES/CBC/PKCS5Padding. The key for the cipher and IV for the block chaining are derived iterating SHA-256-ing over the provided password (encoded as UTF-8) concatenated with a JVM-configuration-specific (usually SHA1PRNG) 64-bit random salt once or twice.

    No big surprises here. It seems to be on the same format every other soul is using nowadays.

    The gory details can be found reading the source on the GitHub project page

    0 讨论(0)
提交回复
热议问题